When you create an operator, interact with the k8s API via your service, or want to tinker with the controlplane server args, you might want a sandboxed endpoint that doesn't cost a fortune and doesn't bring down production.
But starting the controlplane isn't as easy as starting an HTTP web server. It depends on etcd and requires communication via TLS certs. Setting this up can be a pain in the a**.
That's why I created this docker compose file and some supporting scripts to create the required certs.
Download the files into a directory that looks like this:
root/
├─ certs/
│ ├─ generate-certs.sh
│ ├─ csr.conf
├─ docker-compose.yaml
Enter the certs directory. Make any changes to the csr.conf if needed (like IPs or hostnames) and run the script.
NOTE: Run the script under Linux, not Windows, since Windows OpenSSL is buggy.
Now you can run docker compose up.
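A pre-flight check for the csr.conf step above, as an added example that is not part of the original post or its scripts: it verifies that every endpoint you plan to connect to is covered by a subject alternative name before the certs are generated. It assumes csr.conf lists names in an OpenSSL-style `[ alt_names ]` section; the sample config and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; the csr.conf shipped with the post may differ.
SAMPLE_CSR_CONF = """\
[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = localhost
DNS.2 = kube-apiserver
# A wildcard covers exactly one label to its left.
DNS.3 = *.k8s.test
IP.1 = 127.0.0.1
"""

def parse_alt_names(conf_text, section="alt_names"):
    """Return (dns_names, ip_addresses) listed in the given config section."""
    dns, ips, current = [], [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            kind = key.split(".", 1)[0].upper()
            if kind == "DNS":
                dns.append(value.lower())
            elif kind == "IP":
                ips.append(ipaddress.ip_address(value))  # raises on a typo
    return dns, ips

def is_covered(endpoint, dns, ips):
    """True if a TLS client verifying `endpoint` would find a matching SAN."""
    try:
        # An IP endpoint is matched only against IP entries, never DNS ones.
        return ipaddress.ip_address(endpoint) in ips
    except ValueError:
        host = endpoint.lower().rstrip(".")
    for pattern in dns:
        if pattern == host:
            return True
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def uncovered(endpoints, conf_text):
    """Endpoints that would fail certificate verification with this config."""
    dns, ips = parse_alt_names(conf_text)
    return [e for e in endpoints if not is_covered(e, dns, ips)]
```

Pass the contents of your own csr.conf and the hostnames or IPs your client or kubeconfig will use; anything returned by `uncovered` needs an extra `DNS.n` or `IP.n` line before you run the script.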
I used it to test OIDC integration with K8s, but you can do basically anything. But you have to keep in mind that this is a controlplane that is basically incapable of doing anything. It cannot schedule or start pods! You can use this to:
- Test CRDs
- Test interacting with a real k8s api
- Test OIDC
- Test user auth roles
- Test manifest schemas
There are alternative local k8s tools like kind, minikube and k0s, but sometimes they manage/abstract the controlplane too much. It can become hard to alter data for the controlplane. Some of these tools are kind of heavy on resources since they also deploy the scheduler, kube-proxy and CSI provisioners. This only uses the API server and etcd.